BitSafe is an opensource Debian-based live linux distribution designed to provide an essential and secure environment to store and use your bitcoins from a USB drive, SD card or hard disk.

Unlike other live distros, BitSafe is thought to do nothing else other than to keep your bitcoins really safe. The crypted persistence partition used to store the wallet and the block chain is not mounted as home directory: it's only used by the Bitcoin client and other few applications related to backup and security (gpg and ssh). BitSafe takes care to dynamically mount and unmount said persistence as needed, making everything else volatile: home, cache, temporary files, settings, browser... everything vanishes as soon as it's shut down.BitSafe comes with full networking support, TOR included, but you can also use it offline for even greater security. When you'll need your bitcoins, you just have to connect it to the net and let it download the block chain.

Features:

Very light, it can be run on about any PC. If it has 64 MB of ram or more it can run BitSafe

Immunity to most malware around, including keyloggers. If you use the built-in soft keyboard to enter passwords, you are immune to hardware keyloggers, too

Comes with the latest official Bitcoin client (bitcoin-qt V0.6.0)

Volatile, non-persistent home directory. Persistence (for the bitcoin client and backup applications only) is provided by a secondary partition that is automatically created and mounted on-demand (asking for password) whenever you open bitcoin or any program that needs it, and then it's unmounted when it isn't needed anymore

Can download the blockchain from a trusted source, to cut down the time needed for the first sync to less than an hour, down from several days.

TOR and Vidalia installed by default. You can start bitcoin with TOR networking just by clicking on a icon.

Minimal number of applications and installed packages to reduce attack surface. If you need a browser, there's a script to download and run Firefox from RAM with TORbutton and noscript already installed.

Persistent screen locking password to protect the client while you're not at the PC.

Multilanguage. The default build supports English, German, Italian, Spanish, French, Portoguese and Russian, but you can download the source and build your own localized version choosing any language supported by Debian Squeeze. ATM BitSafe scripts are localized in english and italian only, feel free to contribute

If GUI isn't your thing, you can disable x and go text mode with bitcoind. BitSafe scripts will work just fine

FlashingTHIS WILL FORMAT YOUR FLASH DRIVE AND YOU'LL LOSE ANYTHING YOU HAVE ON IT, INCLUDING THE STORAGE PARTITION AND ANY BITCOIN STORED THERE. IF YOU HAVE ALREADY INSTALLED A PREVIOUS VERSION OF BITSAFE ON THE SAME DRIVE AND YOU ONLY WANT TO UPGRADE, PLEASE FOLLOW THE INSTRUCTIONS IN THE NEXT SECTION.You'll need a fast USB drive or SD card of 4gb or more. I say fast for a reason: bitcoin goes heavy on disks, and slow devices will greatly slow it down. You want a drive that can at least put down 10 MB/s of write bandwidth. Here's a brief list of some suitable USB sticks. For SD cards, aim for a class 10 device.Download the Binary Image file and flash it on your drive.

On Linux: sudo dd if=/path/to/binary.img of=/dev/sdX where sdX is the name of the device (not partition) you want to flash BitSafe onOn Mac: Same as for Linux. Remember to unmount (not eject) the device you want to install BitSafe on before using dd or it'll give an error. NOTE: You'll need some extra steps to let bitcoin boot on a Mac, just as any other USB live linux distribution. Read more about this here.On Windows: I recommend Image Writer. You'll need to launch it as administrator. Go pick the downloaded binary.img file, choose the letter of the drive you want to install BitSafe on and press "Write".

UpgradingIf you have already installed a previous version of BitSafe on a device and you want to upgrade it without losing your storage partition, just download the Live filesystem from the download section, insert the drive with BitSafe in the computer and overwrite the directory "live" with the one in the file you downloaded.

Usage

Insert the device you flashed BitSafe on in the PC you wish to use it and start (or reboot) it.

As soon as the PC displays the first screen press repeatly the boot list menu button (usually "F12" or "ESC") and choose the BitSafe device from the list you'll get. If your PC doesn't have a boot list menu you'll have to launch the BIOS setup, navigate into the boot options and set your PC to boot from the device with BitSafe first.

Double click on the Bitcoin icon to launch the first time wizard utility

BitSafe will ask if you want to create the storage partition. Press yes and enter your choosen password when requested, you'll have to enter it a total of 3 times. Please keep in mind that there's no way to recover the password, should you forget it.

BitSafe will ask if you want to download the block chain from the web. Press yes if you are connected to the internet and you're not paranoid, otherwise press no. Keep in mind that the former option takes about 1 hour to reach the sync state from scratch, while the latter takes about 2-3 days.

Finally, the Bitcoin client is launched. You can use it as you usually do.

Remember to shut down the PC using the shutdown button in the lower right corner of the screen. Cutting down the power while the client is running may lead to blockchain or even wallet corruption.

To Do:

Backup manager with multiple encryption and output choices.

Script to download the blockchain from here and put in the bitcoin data folder done!

Trasparent TOR for every ongoing connection (when enabled)

GUI for format script

Restore the storage partition after flashing the image, to unify first time installations and upgrading.

Tool to export all bitcoin addresses in the wallet.dat file

DISCLAMER:BitSafe is a beta software. I cannot guarantee you will not have problems. Under no circumstances I will take any responsibility for any damage done to your hardware, your software and/or your finances directly or indirecly caused by my software.

To upgrade from previous installations, do NOT flash your drive with the binary.img file! Just delete the "padder" file and replace the filesystem.squashfs file in the live directory with the one in the download section.

Change list:

Added an internal backup feature, which will be used by the backup frontend i'm working on. Your sensible data is put in a tar.bz2 archieve and backed up every time you mount the persistent storage partition. This includes the wallet.dat file and the gpg and ssh datadirs.

Another question: do you manage wifi the same way Ubuntu does? My laptop wifi wasn't automatically detected by LinuxCoin. It's a Broadcom card, I usually have issues with it, but Ubuntu manages it fairly well.

Finally, about web browsing: I don't intend to use it, but wouldn't it be better not even to have the possibility? Most people are not aware that browsing can be dangerous. Or, at most, only have the browser encapsulated in a virtual machine... No browsing on the host system which stores the wallet. That would probably be more secure, don't you think?

No, TOR is installed but not configuerd to route all connections yet: I still have to figure out how much the routing thru onion increases the time to download the block chain: if the increase is reasonable i'll switch it, at least for the bitcoin client if not for all the connections as you said.

Quote

Another question: do you manage wifi the same way Ubuntu does? My laptop wifi wasn't automatically detected by LinuxCoin. It's a Broadcom card, I usually have issues with it, but Ubuntu manages it fairly well.

I use the "new" connection manager in Debian Squeeze which is AFAIK the same one in Ubuntu. I included all the optional wifi drivers and firmware packets i could find in the debian archives, intel-notfree included. If your card doesn't work, please let me know the model so I can look into it.

Quote

Finally, about web browsing: I don't intend to use it, but wouldn't it be better not even to have the possibility? Most people are not aware that browsing can be dangerous. Or, at most, only have the browser encapsulated in a virtual machine... No browsing on the host system which stores the wallet. That would probably be more secure, don't you think?

You're right, that's why in my first builds there was no browser at all. Anyway, some early user complained about finding impratical to get the addresses to perform payments, so I had to include it. Probably, i'll end up giving two different builds, one with the browser and the other one without. I don't like the idea of using a virtual machine, as that would basically cut off all the PCs mounting a CPU without virtualization feature.

No, TOR is installed but not configuerd to route all connections yet: I still have to figure out how much the routing thru onion increases the time to download the block chain: if the increase is reasonable i'll switch it, at least for the bitcoin client if not for all the connections as you said.

If I'm not mistaken the client does not download the blockchain at "full speed". I don't remember if the reason for this is that the verification process normally takes longer than the download, or that everything is downloaded from one unique connection, not benefiting from the P2P nature of the network like a torrent with so many seeds would. Either case, Tor shouldn't have a much negative impact.Also, you may deliver your system with the block chain files already downloaded and indexed, up to the point when the release was built. That would be very useful and poses no trust issue.

Anyway, some early user complained about finding impratical to get the addresses to perform payments, so I had to include it.

You could argue that your system is meant to be a "safe banking system", not the browsing system the user will use daily. So, people could leave their larger wallets on your system, and in the browsing system have another wallet credited with an amount they could eventually afford to lose.Plus, sending addresses to the "banking system" could be done by writing them on a file on the disk, and once in BitSafe, mounting the disk and reading this file. Eventually this could even be automated with a browser plugin on the browsing system side, and an utility app on BitSafe side that would know where to search for addresses during boot time, and then ask the user if he wants to confirm those payments (amount and description info could be included, like those bitcoin URLs. Just giving some ideas...

Also, you may deliver your system with the block chain files already downloaded and indexed, up to the point when the release was built. That would be very useful and poses no trust issue.

I don't like "prebuilt" block chains: i think the right (default) approach is letting the client download and verify the block chain via P2P. Besides, many people (including me) may want to use bitsafe as offline wallet generator. I think I'll add a script to download and install the block chain from some trusted source.

I didn't quite understand what you meant there... there are PCs incapable of running a virtual machine?

Yes, every CPU is capable of running a virtual machine but only those with hardware virtualization can do it efficently. As this build is likely to be used on old laptops with outdated hardware, I feel that running a modern browser via software virtualization on those slow CPUs isn't viable.Instead, what you think about starting a portable version of firefox in a chroot environment with a dedicated user? That should be safe enough IMHO

As I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial

and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown. Is there a way to make such configuration persistent?

After I had wifi, I loaded Bitcoin to download the blockchain. I made a mistake with the virtual keyboard and the verification of my password didn't match the first input. The script went a bit crazy after that and created a persistent partition that I cannot access. It claims it's corrupted but doesn't offer to overwrite it (normal, since it doesn't know if there are coins there). I'll probably just format everything since I don't have anything to lose.

Not a big issue, but it seems the keyboard layout is chosen based on the language you select on startup. Not sure if it's the best choice... when I chose Portuguese, I couldn't find the symbols I wanted anymore.

[lAs I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial[/li][/list] and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown. Is there a way to make such configuration persistent?

I'll check if that fix doesn't block any working configuration, mostly the blacklisting part. If it doesn't, I'll add it to the build.

Quote

After I had wifi, I loaded Bitcoin to download the blockchain. I made a mistake with the virtual keyboard and the verification of my password didn't match the first input. The script went a bit crazy after that and created a persistent partition that I cannot access. It claims it's corrupted but doesn't offer to overwrite it (normal, since it doesn't know if there are coins there). I'll probably just format everything since I don't have anything to lose.

It's intended: bitsafe will automatically start the persistent partition format utility only if no secondary partitions are found on the current drive. If any is present but it can't be properly mounted, which is your case, you will need to manually start the format script in the system menu as stated in the error message.

Quote

Not a big issue, but it seems the keyboard layout is chosen based on the language you select on startup. Not sure if it's the best choice... when I chose Portuguese, I couldn't find the symbols I wanted anymore.

That's a problem i'm trying to fix. There's a keyboard layout switcher applet, but it shows the current layout as the only possible choice. I'll look into it.

I'll check if that fix doesn't block any working configuration, mostly the blacklisting part. If it doesn't, I'll add it to the build.

Thank you!

By the way, today I had a weird error, which I'm not sure if it's related to BitSafe somehow, or bitcoin itself.

I've left my laptop downloading the block chain, not connected to the power supply, until the battery was over. So, there was this sudden shutdown during block download. After I restart and tried to load the bitcoin client again, I got two error popups, with the following messages:

First popup:

EXCEPTION: NSt8ios_base7failureE CAutoFile::read : end of file bitcoin in AppInit()

Second popup:

EXCEPTION: NSt8ios_base7failureE CAutoFile::read : end of file bitcoin in CMyApp::OnUnhandledException()

And after clicking OK to the second popup, nothing happens, bitcoin does not start.

It looks like you have a corrupt blockchain. It happened once for me when i disconnected the USB drive while bitcoin was running. Can you check that the issue (and the blockchain) disappears when you delete everyting in the /storage/bitcoin folder except for the wallet.dat file?

Very cool. I'd been playing around with building my own live CD, but you beat me to it.

What version of the bitcoin client do you have installed (and what version of libdb++ did you use)? If I wanted to use my own branch (like one of sipa's with the private key import), what would be the easiest way to do that? What would be the easiest way to get namecoin installed? I haven't done much with debian before, but I do know my way around linux/freeBSD.

It looks like you have a corrupt blockchain. It happened once for me when i disconnected the USB drive while bitcoin was running. Can you check that the issue (and the blockchain) disappears when you delete everyting in the /storage/bitcoin folder except for the wallet.dat file?

Yes, I already did it, and it works after deleting the blockchain files.

This is probably a problem with bitcoin, then, right? I'll search if there is a bug for this already.

I'm having some problems using the available Tor proxy... Iceweaseal doesn't connect to it after manual configuration, and when I configure bitcoin to use Tor it does not find any peer. I haven't investigated much yet to figure out what could be the reason, I might just be making something wrong.

You'll need a fast USB drive or SD card. I say fast for a reason: bitcoin goes heavy on disks, and slow devices will greatly slow it down.

And he means it!My initial download, on a Kingston memory stick, took more than 2 full days.

I don't know how bitcoin does the block chain indexation, but I suspect the index is not kept on RAM during block download, and that every new address it finds it just inserts it in the middle of the index, directly on the "disk". That would require moving, in average, half the current size of the index every time it finds a new address. Currently that's ~150Mb. In a USB stick that's very slow.I suspect it works like that because block download got slower the bigger the downloaded chain was.

To summarize, rb1205, if you want a few more suggestions, here are them:

A lightweight client like MultiBit could be useful.

Consider distributing the chain files already indexed with BitSafe. There's really no trust issue in that, as you cannot lie about the largest chain. That won't make bitcoin any less P2P and will speed things up for those which prefer the original client.

Make the storage partition larger than 2GB if possible.

Thank you a lot for this great work of yours. I plan to keep using it, and annoying you with these suggestions.

As I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown. Is there a way to make such configuration persistent?

I manually compiled and added the wl.ko module, and blacklisted the brcm80211 module. I can't blacklist the b44, b43, b43legacy and ssb modules as that would stop many wifi and ethernet interfaces from working. Can you please check if this is working or not? If it isn't, you should be able to make it work just by typing